Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: mixed

Multiple Vulnerabilities in yappa-ng < 2.3.2 Vulnerability Scan

Vulnerability Scan Summary
Checks for multiple vulnerabilities in yappa-ng < 2.3.2

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains several PHP scripts that are prone to
multiple flaws, including arbitrary file inclusion.

Description :

The version of yappa-ng installed on the remote host is prone to
multiple file include and cross-site scripting vulnerabilities due to
its failure to sanitize user-supplied script input when calling
various include scripts directly.

By exploiting the file include vulnerabilities, a possible hacker can read
arbitrary files on the remote host and possibly even run arbitrary
code, subject to the rights of the web server process. And by
exploiting the cross-site scripting vulnerabilities, he can cause
arbitrary script and HTML code to be run in a user's browser within
the context of the affected web site.

See also :

Solution :

Upgrade to yappa-ng 2.3.2 or later.

Threat Level:

Medium / CVSS Base Score : 6

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.